PT-2025-3364 · Beijing Sogou Technology Development Co. · Sogou Input
Published
2025-01-27
·
Updated
2025-01-27
·
CVE-2024-56963
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Beijing Sogou Technology Development Co., Ltd Sogou Input version 12.2.0
Description
An issue in the software allows attackers to access sensitive user information via supplying a crafted link. This is achieved by providing a manipulated link, which enables unauthorized access to confidential user data.
Recommendations
For version 12.2.0, consider restricting access to sensitive user information until a patch is available. As a temporary workaround, avoid using links from untrusted sources to minimize the risk of exploitation.
Fix
Open Redirect
Insecure Storage of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Sogou Input